Ransomware and unknown threats make email security more crucial than ever
In today’s hyper-connected world, email-based communications are not just commonplace – they have become a fundamental cornerstone for effectively conducting business, with the total volume of worldwide emails sent per day projected to increase by at least 5% every year. Given the ubiquitous nature of email communications, emails are and will continue to be a popular vector for a variety of threats.
Email usage continues to increase
Regardless of the proliferation of text and social media, email communication is still growing strong. According to a recent study by the Radicati Group, the total volume of worldwide emails sent and received reached 205 billion per day, with this volume projected to increase by at least 5% every year.1 And, this fact is not lost upon hackers, who are constantly seeking opportunities to exploit organisations.
Anatomy of an email attack:
• A CFO gets an email from the CEO authorizing an emergency fund transfer. But the email is actually from a cybercriminal
• An employee with administrative rights to key systems receives an urgent email from IT to update their network password. They actually disclose their password to cybercriminals.
• An employee receives an email to read an important attachment about their benefits provider. When they open the attachment, they unknowingly activate hidden Trojan malware.
E-mail threats organisations face today
Emails offer hackers a vehicle to deliver a variety of vulnerabilities to an organization. Some of the more common email-borne threats include:
• Malware – email is one of the top delivery mechanisms to distribute known & unknown malware, which are typically embedded into email attachments in hopes that the attachment will be opened or downloaded onto a computer or network, thereby allowing hackers to gain access to resources, steal data, or crash systems.
• Ransomware – one particularly nefarious malware variant is ransomware. Once the email attachment is activated, the code embeds itself on a network and ransomware typically encrypts or locks critical files and systems. The hackers then coerce the organisation to pay an extortion fee in order to have the files or systems un-encrypted or unlocked.
• Phishing – this common hacker tactic utilizes emails with embedded links to hacker sites. When gullible users visit these sites, they’re prompted to enter PII (Personably Identifiable Information) that is in turn used to steal identities, compromise corporate data, or access other critical systems.
• Spear Phishing / Whaling – in this variant of phishing, key IT/networking individuals or company execs are targeted using malware-laced emails appearing to come from a trusted source, in efforts to gain access to internal systems & data.
• Business Email Compromise / CEO Fraud / Impostor email – Over the past two years, Business Email
Compromise (BEC) schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI1. The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments.
• Spam – emails are used to deliver spam or unsolicited messages, which can clog inboxes and network resources, diminish businesses productivity, and increase operational costs.
• Outbound Email Hijacking – corporations are also subject to corporate policies and government regulations, which hold businesses accountable for their outgoing emails and ensuring they protect their customer’s PII. Zombie attacks and IP hi-jacking can disseminate customer PII, ruining the reputation of a business.
Emails communications are essential to organisations today, something hackers are keenly aware of. Given today’s complex, mature threats, it’s tantamount that organisations deploy a multi-layered security solution that includes dedicated, leading-edge, email protection. To effectively combat today’s emerging threats, organisations are well-advised to implement a next-generation email security management solution that provides fundamental email protection.
To learn more about ways to protect your organisation's emails, contact our sales team and learn about our range of SonicWall devices.